Protecting Data in the Healthcare Industry


An Osterman Research White Paper
Published July 2017

Osterman Research, Inc.
P.O. Box 1058 • Black Diamond, Washington • 98010-1058 • USA
Tel: +1 206 683 5683 • www.ostermanresearch.com • @mosterman

EXECUTIVE SUMMARY

Criminals focused on getting a financial return from cybercrime have identified a particularly attractive target: the healthcare industry. The industry has a set of characteristics that make it ideal for all kinds of cyber attacks, including:

• Preventing access to IT systems immediately triggers life-and-death consequences for patients under care, ensuring that a resolution becomes of critical urgency for the healthcare provider. If a doctor or nurse cannot read a patient's electronic health record to review critical health information, for example, a patient could be given a life-threatening prescription or the wrong procedure, leading to significant legal liability.
• Stealing healthcare records is a lucrative business because of the inclusion of most of the personal, medical, and financial information a criminal requires for identity theft, medical fraud, financial misdemeanors, tax fraud, and insurance fraud, among others. In short, it’s the ultimate cheat sheet, and given that most of the core identifiable information can't be changed (such as a person's date of birth and Social Security number), it offers value for years to come.
• Crippling IT systems is comparatively easier than in other leading industries because of systematic underinvestment in IT security within the healthcare industry, along with difficult-to-update medical devices that continue to run outdated and vulnerable operating systems.
• An out-of-date mindset that cyber security is all about safeguarding patient data – which is the focus of much of the regulation that defines the minimum standard – rather than the new reality that cyber security is about ensuring the ability of a healthcare institution to function.
• An industry-wide lack of trained cyber security professionals, since much of the recent focus within the healthcare industry has been on implementing electronic health records systems (EHRs) under externally-imposed tight deadlines. With many IT professionals in the sector focused on new and emergent EHRs, there are new vulnerabilities and weaknesses to exploit.
• Well-known cases in which healthcare providers have paid the ransom to reverse a ransomware infection because of a lack of backup capabilities, process failures, and the general urgency to get back to business as quickly as possible (since lives are at risk). Getting a reputation as a soft target is not a good thing.
• Interestingly, healthcare “is the only industry where employees are the predominant threat actors in breaches.”[i]

KEY TAKEAWAYS

The healthcare industry finds itself under cyber attack from many vectors, including ransomware, malware and targeted attacks. While these attacks specifically cause direct harm to IT systems, it's the flow-on effects that have the industry reeling. Cyber attacks are able to:

• Undermine the ability of a healthcare provider to function. In the WannaCry ransomware attack in mid-May 2017, for example, hospitals across the United Kingdom had to divert incoming patients onboard ambulances to other hospitals, cancel surgeries that were within minutes of starting, and revert to tedious manual processes for critical care situations. Even basic processes like admitting a patient and printing a wrist band were compromised. The survey conducted for this white paper found that one in ten organizations surveyed were impacted by WannaCry.
• Encrypt the electronic health records system at an institution, preventing access to core health data on patients currently under care. Healthcare professionals must return to paper-based processes for critical care situations, a work-style for which digitally native doctors and nurses may have never been trained.
• Exploit vulnerabilities in state-of-the-art medical devices that operate on outdated operating systems, such as CT scanners and MRI devices. This prevents their use for day-to-day diagnostic and analysis tasks, causing immediate consequences for patients under care, and costing enormous amounts in lost revenue per day.
• Prevent the use of standard everyday communication tools, such as phone systems and email, making it difficult for doctors, nurses, and all other healthcare professionals to deliver patient care.
• Exfiltrate valuable patient data for sale on the black market, triggering data breach notification requirements for healthcare providers, thus opening themselves up for regulatory fines, reputational damage, and class action suits.

The key infection vectors for the healthcare industry are:

• Email attachments that masquerade as standard business documents, but carry or point to a malicious payload that introduces malware or holds the user's computer and connected devices for ransom.
• Web links that are disguised to look like a trusted site but point to a false and malicious destination. Link-shortening services are particularly dangerous because it is so easy for a convenient short link to hide a malicious destination.
• Drive-by-downloads from malicious web sites that exploit known vulnerabilities in out-of-date applications and unpatched operating systems.
• Advertisements on web sites and within applications that have been compromised, and carry a malicious payload. Since the user is visiting a known and trusted web site, the likelihood of being deceived by the malicious ad is higher.
• Free downloads of normally expensive software that have been changed to include malicious components, or that merely masquerade as expensive software. The malicious payload can install a persistent threat that records keystrokes, exfiltrates data, or holds the computer for ransom.
• USB drives that have become accidentally or intentionally infected with malware or ransomware. Plugging in the drive to share files with a colleague also introduces a malware or ransomware threat.

The good news is that protecting healthcare data during the previous 12 months has become a “higher” or “significantly higher” priority for 47 percent of the organizations surveyed for this white paper.

ABOUT THIS WHITE PAPER

This white paper is sponsored by Forcepoint, Ipswitch, KnowBe4, Mimecast, Quest, South River Technologies, Spamhaus, Storage Made Easy and Zix. Information regarding the sponsors is provided at the end of this paper.

THE REGULATORY LANDSCAPE FOR HEALTHCARE FIRMS

There is a generalized recognition in many legal jurisdictions around the world that healthcare data is an especially sensitive type of personally identifiable information and must be protected from misuse. While the specific provisions and requirements have national nuances, the intent is essentially the same. Organizations managing healthcare data are subject to the following compliance requirements and regulations:

HIPAA (1996)

For US healthcare institutions, the Health Insurance Portability and Accountability Act (HIPAA) mandates a set of federal requirements for protecting individually identifiable health information. These apply to both "covered entities" (those providing direct care) and "business associates" (of which there are many and varied types).

The HIPAA Privacy Rule mandates protections for health information that's held or transmitted in any form or media, for data that can be associated with an identifiable person, such as the physical and mental health of a patient (past, present, and future expectations), the history of healthcare given to a patient, and payment mechanisms (past, present, or future).

The HIPAA Security Rule requires that healthcare institutions put in place appropriate administrative, physical, and technical safeguards to assure the confidentiality, integrity, and availability of protected health information. For example, if data has to be sent to another person or institution and there is a significant risk of unauthorized disclosure, data encryption is required.

Finally in terms of HIPAA, there is a recognition that healthcare workers themselves need to be ever vigilant of privacy and security issues. Section 164.308(5) requires that every organization in the US healthcare industry offer a security awareness and training program for its staff, including management.

HITECH ACT (2009)

The Health Information Technology for Economic and Clinical Health Act (HITECH) was introduced in the US in mid-February 2009, as part of the American Recovery and Reinvestment Act (see details below). It offered billions of dollars in funding for building a national interoperable medical records system, introduced a data breach notification requirement (Section 13402), and demanded evidence of tiered "meaningful use" of the medical records system by certain dates. Breaches of unsecured protected health information affecting 500 or more individuals are listed in a publicly accessible database managed by the US Department of Health and Human Services Office for Civil Rights. Clearly, healthcare organizations